groovy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul King <pa...@asert.com.au>
Subject Re: [mentors] experimental graduation maturity assessment in view of graduating Groovy
Date Thu, 15 Oct 2015 12:19:47 GMT
> ==== LC20
> _Libraries that are mandatory dependencies of the project's code do not create more restrictions
than the Apache License does._
>
> TODO: do we have a documented verification of that? JIRA ticket?

The Groovy all jar bundles ASM and ANTLR as per
licenses/LICENSE-JARJAR file (this is embedded in that Jar). There are
no other mandatory library dependencies when using Groovy.

Although strictly outside of a formal release, the binary convenience
artifacts also have similar license info, e.g. looking inside
LICENSE-BINZIP you will see:
Hamcrest License (needed when using optional JUnit dependency)
JLine2 License (optional dependency used with groovysh)
JSR166y License (optionally used by the optional GPars dependency)
JUnit License (optional dependency when using Groovy for testing)
XStream License (optional dependency when serializing AST as XML)


As for build/tool dependencies, these can be found as mentioned
earlier using 'gradlew dependencies". These are all open source
libraries.

On Thu, Oct 15, 2015 at 9:52 PM, Paul King <paulk@asert.com.au> wrote:
> Guillaume is fixing a few of the missing links on the home page.
>
> Also, wrt:
>
>> ==== CS10
>> _The project maintains a public list of its contributors who have decision power
-- the project's PMC (Project Management Committee) consists of those contributors._
>>
>> TODO, I don't think that list exists but it will eventually be at people.apache.org/committers-by-project.html#groovy-pmc
>> once the project graduates.
>
> There is this page here:
> http://incubator.apache.org/projects/groovy.html
>
> We didn't spell out PMC/PPMC on that page. If we did, would that be
> what is expected?
>
>> [...] I'm not familiar with Gradle but I suppose there's a build option to list them?
>
> $ gradlew dependencies
>
> gives a fairly comprehensive list of dependencies including build.tool
> dependencies.
>
> Paul.
>
>
> On Thu, Oct 15, 2015 at 9:43 PM, Bertrand Delacretaz
> <bdelacretaz@apache.org> wrote:
>> Hi Cédric,
>>
>> On Thu, Oct 15, 2015 at 11:58 AM, Cédric Champeau
>> <cedric.champeau@gmail.com> wrote:
>>> Bertrand wrote:
>>>> TODO: http://groovy.apache.org/ redirects to http://groovy-lang.org/, do
>>>> we plan on keeping it like that?
>>>
>>> ...My vision to this, what we
>>> might do is using groovy.a.o for *development of Groovy itself*, while
>>> groovy-lang.org would be the user facing site....
>>
>> That sounds good to me, I moved that info to CO10 and updated CD20 to
>> mention the "fork me on github" banner. Note that that banner is not
>> visible for me using Firefox Developer Edition 43.0a2 (2015-10-14).
>>
>>> LC20
>>>> TODO: do we have a documented verification of that? JIRA ticket?
>>>
>>> Apart from using Rat, no, I don't think we have. But I think it adresses
>>> LC30. We don't have any dependency which is not OSS or not approved...
>>
>> do we have, or can we create a jira ticket or similar page that
>> documents all the the current dependencies? I'm not familiar with
>> Gradle but I suppose there's a build option to list them?
>>
>>> RE40
>>> ...Votes and announcements explicitly refer to those binaries as convenience
>>> binaries...
>>
>> Ok, I have updated that and removed the TODO.
>>
>>> QU30
>>>
>>> We have http://groovy-lang.org/security.html, but not linked from top-level
>>> page or menu....
>>
>> I don't think that page explains how to report security issues. A link
>> to http://www.apache.org/security/ would be sufficient.
>>
>> -Bertrand

Mime
View raw message